[geeklog-cvs] geeklog: Updated documentation and version number

geeklog-cvs at lists.geeklog.net
Sun Aug 30 13:14:54 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/8e411b6a6e66
changeset: 7272:8e411b6a6e66
user:      Dirk Haun <dirk at haun-online.de>
date:      Sun Aug 30 15:48:52 2009 +0200
description:
Updated documentation and version number

diffstat:

 public_html/admin/install/lib-install.php |   2 +-
 public_html/docs/english/changes.html     |  18 ++++++++++++++++++
 public_html/docs/history                  |  27 +++++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 1 deletions(-)

diffs (76 lines):

diff -r e21f228d9135 -r 8e411b6a6e66 public_html/admin/install/lib-install.php
--- a/public_html/admin/install/lib-install.php	Sun Aug 30 10:15:43 2009 +0200
+++ b/public_html/admin/install/lib-install.php	Sun Aug 30 15:48:52 2009 +0200
@@ -56,7 +56,7 @@
     * This constant defines Geeklog's version number. It will be written to
     * siteconfig.php and the database (in the latter case minus any suffix).
     */
-    define('VERSION', '1.6.0sr1');
+    define('VERSION', '1.6.0sr2');
 }
 if (!defined('XHTML')) {
     define('XHTML', ' /');
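Review bot: the comment above the constant says the version is also written to the database minus any suffix, so this bump from '1.6.0sr1' to '1.6.0sr2' leaves the stored database value at '1.6.0'; any check that decides whether an upgrade step is needed by comparing the database version will not notice this release, so confirm that sr2 needs no schema or data change and that the installer compares against the full string kept in siteconfig.php rather than the database value.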
diff -r e21f228d9135 -r 8e411b6a6e66 public_html/docs/english/changes.html
--- a/public_html/docs/english/changes.html	Sun Aug 30 10:15:43 2009 +0200
+++ b/public_html/docs/english/changes.html	Sun Aug 30 15:48:52 2009 +0200
@@ -17,6 +17,24 @@
 list of files that have been changed since the last release.</p>
 
 
+<h2><a name="changes160sr2">Geeklog 1.6.0sr2</a></h2>
+
+<p>This release addresses the following security issue:</p>
+<ul>
+<li>Unauthorized file uploads were possible through FCKeditor.<br>
+Uploaded files still had to go through FCKeditor's filter, so it was not possible to upload scripts (and the integrity of the Geeklog site as such was not in danger). There were, however, reports that this was used to host malware.<br>
+This update prevents use of the upload feature when FCKeditor is disabled and disables it for anonymous users. It also doesn't allow uploading of archive files any more. Furthermore, you need some sort of "edit" permission now to be able to upload files through FCKeditor (this is meant as an interim measure - we will probably introduce a separate "upload" permission in future Geeklog versions).</li>
+</ul>
+
+<p>Other fixes:</p>
+<ul>
+<li>Fixed installation using InnoDB tables.</li>
+<li>Fixed a (non-exploitable) SQL error when auto-updating a story's
+    commentcode field.</li>
+<li>Fixed a wrong function name in the Links plugin.</li>
+</ul>
+
+
 <h2><a name="changes160sr1">Geeklog 1.6.0sr1</a></h2>
 
 <p>This release addresses the following security issues:</p>
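Review bot: the security entry does not state which Geeklog versions are affected or which archive extensions the upload filter now rejects, so an administrator cannot verify on their own site that the fix is in place; add the affected version range and the list of blocked extensions (or the configuration setting that controls it), and link an advisory reference once one exists. Two smaller points: the "Other fixes" list drops the bug number (#0000954) that the history file gives for the Links plugin fix, and the `<br>` tags should be `<br />` if this page is served as XHTML, which the `XHTML` constant in lib-install.php indicates the site emits.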
diff -r e21f228d9135 -r 8e411b6a6e66 public_html/docs/history
--- a/public_html/docs/history	Sun Aug 30 10:15:43 2009 +0200
+++ b/public_html/docs/history	Sun Aug 30 15:48:52 2009 +0200
@@ -1,5 +1,32 @@
 Geeklog History/Changes:
 
+Aug 30, 2009 (1.6.0sr2)
+------------
+
+This release addresses the following security issue:
+- Unauthorized file uploads were possible through FCKeditor.
+  Uploaded files still had to go through FCKeditor's filter, so it was not
+  possible to upload scripts (and the integrity of the Geeklog site as such was
+  not in danger). There were, however, reports that this was used to host
+  malware.
+  This update prevents use of the upload feature when FCKeditor is disabled and
+  disables it for anonymous users. It also doesn't allow uploading of archive
+  files any more. Furthermore, you need some sort of "edit" permission now to
+  be able to upload files through FCKeditor (this is meant as an interim
+  measure - we will probably introduce a separate "upload" permission in future
+  Geeklog versions).
+
+Not security-related:
+- Fixed installation using InnoDB tables [Dirk]
+- Links plugin: Fixed wrong function name in the autoinstall.php file
+  (bug #0000954)
+- Fixed an SQL error (due to a missing global declaration; not exploitable) when
+  the commentcode field was auto-updated (reported by Jokke_K) [Dirk]
+
+This release also includes updated Hebrew (provided by LWC) and German language
+files.
+
+
 Jul 30, 2009 (1.6.0sr1)
 ------------
 
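Review bot: "some sort of "edit" permission" is too vague for a security note; name the permission(s) actually checked before an upload is allowed, so admins can tell which accounts can still upload through FCKeditor after applying sr2. Also the attribution and headings are inconsistent with the rest of the entry: two of the three non-security items carry [Dirk] while the Links plugin item has none, and the heading "Not security-related:" here differs from "Other fixes:" used for the same list in changes.html; align the two files.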